J.-C.Fabre
Y. Deswarte
B. Randell
University of Newcastle upon Tyne. 1993
Tolerance to both accidental and intentional faults has been investigated for several years using a novel technique called Fragmentation-Redundancy-Scattering (FRS). The core idea of FRS consists of fragmenting confidential information in order to produce insignificant fragments and then in scattering the fragments so obtained in a redundant fashion across a network of a large number of workstations. This technique has been applied both to the storage of confidential information and to the processing of sensitive information. The main objective of this paper is essentially to describe a general approach to the design of FRS applications. It is based on an object-oriented approach in which elementary objects (classes) are defined in such a way that the information in any given object, taken on its own, is not confidential. The approach involves fragmenting a confidential object using its composition structure, i.e. in terms of a hierarchy of sub-objects (the "is-part-of" relation of the object model). The fragmentation process continues until the resulting sub-objects are such as to be non-confidential. The non-confidential object replicas are then scattered among untrusted stations. An account is given of how this approach has been applied to the design and implementation of an electronic diary application on a fault-tolerant distributed system.